<?php
	// Version 1.0.4
	// Date: 2013-03-03

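	/**
	 * Start the admin session under a fixed cookie name and rotate its id.
	 *
	 * Before the session is opened the cookie handling is tightened: ids are
	 * accepted from cookies only, ids the server did not issue are refused, and
	 * the cookie is hidden from page scripts. The Secure flag is added only when
	 * the current request is seen as HTTPS, so plain-HTTP deployments keep working.
	 *
	 * @return void
	 */
	function sec_session_start() {
		// Session ids in URLs leak through logs and Referer headers.
		ini_set('session.use_only_cookies', '1');
		// Keeps the id out of reach of injected script (limits the impact of XSS).
		ini_set('session.cookie_httponly', '1');
		// Refuse client-chosen ids, which closes the session-fixation path.
		ini_set('session.use_strict_mode', '1');
		if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
			ini_set('session.cookie_secure', '1');
		}

		session_name('the_sett_admin');
		session_start();

		// The id is replaced and the old session deleted on every call.
		// NOTE(review): with parallel requests from one browser, the request that
		// still carries the old id can find its session gone; confirm callers
		// tolerate that, or rotate only on login / privilege change.
		session_regenerate_id(true);
	}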

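	/**
	 * Report whether an account has exceeded the failed-login threshold.
	 *
	 * Counts the rows in login_attempts for the given account that are newer
	 * than two hours and reports a lockout once more than five are found.
	 *
	 * @param object $cn      Database wrapper exposing Data($sql, $flag).
	 * @param int    $user_id Account id, matched against login_attempts.user_id.
	 * @param int    $comp    Company flag, matched against login_attempts.comp.
	 * @return bool True when the account should be treated as locked.
	 */
	function checkbrute($cn, $user_id, $comp) {
		// login() records failed attempts with time(), so the cutoff must be a Unix
		// timestamp too. Subtracting seconds from a formatted date string yielded
		// a negative cutoff: every attempt ever recorded was counted and the
		// two-hour window became a permanent lockout.
		$valid_attempts = time() - (2 * 60 * 60);

		// Both values are spliced into the SQL text, so force them to integers
		// here instead of trusting every caller to have done so.
		$user_id = (int) $user_id;
		$comp = (int) $comp;

		$result = $cn->Data("select time from login_attempts where user_id = $user_id and comp = $comp and time > '$valid_attempts'", false);

		return sizeof($result) > 5;
	}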

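	/**
	 * Authenticate an e-mail/password pair and populate the session on success.
	 *
	 * The address is looked up in `users` first and in `admins` when no user row
	 * exists. A locked account (see checkbrute) is refused before the password
	 * is compared. A wrong password is recorded in login_attempts.
	 *
	 * On success the session receives user_id, email, comp, admin, verified,
	 * user_type (0 = user, 1 = company, 2 = admin) and login_string, an MD5 over
	 * the stored password hash, the client address and the User-Agent, which
	 * login_check() recomputes on later requests.
	 *
	 * @param string $email    Address typed into the login form (untrusted).
	 * @param string $password Plain-text password typed into the form.
	 * @return bool True when the credentials matched and the session was filled.
	 */
	function login($email, $password) {
		// $email is placed inside a single-quoted SQL literal below and the
		// database wrapper offers no visible parameter binding. Refuse anything
		// that is not a plain address, or that carries a quote, backslash or
		// control byte, before a connection is opened. The durable fix is a
		// parameterised query inside the database wrapper.
		if (!is_string($email) || !is_string($password)
			|| preg_match('/[\'"\\\\\x00-\x1f\x7f]/', $email)
			|| filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
			return false;
		}

		$cn = new db_mysqli();
		$comp = 0;
		$admin = 0;
		$verified = 0;

		$result = $cn->Data("select id, iscompany, password, verified from users where email = '$email' limit 1", false);
		if (sizeof($result) == 0) {
			// No such user: try the admin table. Admins count as verified.
			$admin = 1;
			$verified = 1;
			$result = $cn->Data("select id, password from admins where email = '$email' limit 1", false);
		}

		// SECURITY: stored passwords are unsalted MD5, which is fast to
		// brute-force offline. Moving to password_hash()/password_verify() needs
		// a schema and data migration outside this function, so the format is
		// kept here so that existing accounts continue to work.
		$password = md5($password);

		if (sizeof($result) == 0) {
			$cn->Close();
			return false;
		}

		$user_id = $result[0]['id'];
		if ($admin == 0) $comp = $result[0]['iscompany'];
		if ($verified == 0) $verified = $result[0]['verified'];

		// NOTE(review): admins are tracked with comp = 0, the same key used for a
		// non-company user with the same numeric id, so the two may share one
		// lockout counter. Confirm ids cannot collide across the tables.
		if (checkbrute($cn, $user_id, $comp) == true) {
			$cn->Close();
			return false;
		}

		$db_password = $result[0]['password'];

		// Strict string comparison: with ==, two hex digests that both look like
		// "0e<digits>" are compared as numbers and treated as equal.
		if ((string) $db_password !== $password) {
			$cn->Add('login_attempts', array('user_id' => $user_id, 'time' => time(), 'comp' => $comp));
			$cn->Close();
			return false;
		}

		$ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		// Clients may omit the header; an empty string hashes the same as the
		// missing value did, without the undefined-index warning.
		$user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

		$user_type = 0;
		if ($comp == 1) $user_type = 1;
		if ($admin == 1) $user_type = 2;

		$_SESSION['user_id'] = $user_id;
		$_SESSION['email'] = $email;
		$_SESSION['comp'] = $comp;
		$_SESSION['admin'] = $admin;
		$_SESSION['verified'] = $verified;
		$_SESSION['user_type'] = $user_type;
		$_SESSION['login_string'] = md5($db_password.$ip_address.$user_browser);

		$cn->Close();
		return true;
	}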

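	/**
	 * Verify that the current session still belongs to a logged-in account.
	 *
	 * Re-reads the stored password hash for the session's account (from `admins`
	 * when the session is flagged as admin, otherwise from `users`) and
	 * recomputes the MD5 over that hash, the client address and the User-Agent.
	 * The session is valid only when the result equals the login_string stored
	 * at login, so a password change or a different client invalidates it.
	 *
	 * The connection is left open on success so the caller can keep using it.
	 * It is closed when the lookup or the comparison fails, and is not touched
	 * when the session keys are missing.
	 *
	 * @param object $cn Database wrapper exposing Data($sql, $flag) and Close().
	 * @return bool True when the session matches the stored credentials.
	 */
	function login_check($cn) {
		if (!isset($_SESSION['user_id'], $_SESSION['email'], $_SESSION['login_string'], $_SESSION['comp'], $_SESSION['admin'], $_SESSION['user_type'])) {
			return false;
		}

		// The id is spliced into the SQL text; force it to an integer so that a
		// tampered or corrupted session value cannot alter the statement.
		$user_id = (int) $_SESSION['user_id'];
		$login_string = $_SESSION['login_string'];
		$admin = $_SESSION['admin'];

		$ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		// Clients may omit the header; an empty string hashes the same as the
		// missing value did, without the undefined-index warning.
		$user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

		// Only these two fixed table names can reach the query.
		$table = ($admin == 1) ? 'admins' : 'users';

		$result = $cn->Data("select password from $table where id=$user_id limit 1", false);

		if (sizeof($result) == 0) {
			$cn->Close();
			return false;
		}

		$db_password = $result[0]['password'];
		$login_check = md5($db_password.$ip_address.$user_browser);

		// Strict string comparison: with ==, two digests that both look like
		// "0e<digits>" are compared as numbers and treated as equal.
		if ($login_check === (string) $login_string) {
			return true;
		}

		$cn->Close();
		return false;
	}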
?>